
With the media attention Cyber Crime has been given over the past 12 months, it is clear that the risks are increasing all the time. According to IBM, Cyber Crime is now worth an estimated $450 Billion per year and, more worryingly, it is not showing any signs of slowing down.

There are many forms of Cyber Crime that require a technical response: you will be told that you need stronger passwords, better perimeter IT security, additional security software, regular security reviews, email cleansing services, anti-virus and anti-malware software, etc.

But no matter how much technology you have or how good it is, there is one form of Cyber Crime that targets the human element of your systems and that’s Phishing.

So what is phishing? Phishing is a fraudulent act whereby emails are sent to individuals, posing as reputable companies or as people known to you in your organisation, to gather personal information from you such as passwords or credit card numbers, or even to request money transfers to companies you would normally deal with. More recently, Phishing emails have been used as a delivery method for Ransomware, further increasing the security and business risk.

Over the past decade, phishing attacks have evolved to become highly sophisticated, making it challenging for even the most well-informed people to spot them, especially if the emails are in context, e.g. you are already banking with HSBC, you have just bought something using PayPal, your trusty IT people advise of a password change, etc.

The success of these kinds of attacks has increased over the last few years as more and more of us use modern communication techniques.

You may be thinking, “What can we do about it?” Well, education through a process of continual testing and training is key. By monitoring and measuring staff behaviour and response to artificial phishing emails, we can track their actions and determine the degree of risk and the right level of education based on their behaviour.

So how does it work? After an initial benchmark of results from the first Phishing test, the programme then runs continuously, typically monthly, in a cycle of testing, reporting and education. Over time, awareness and education will improve and this naturally reduces company risk.

By combining technology with user awareness and education programmes, the chances of a successful Phishing attempt can be drastically reduced.

If you’re interested in finding out more, our friendly sales and technical teams are more than happy to discuss our approach with you.

Written by Chris Malyon

Chris joined Select Technology in 2011 as a 3rd line engineer and is now responsible for all Service Delivery. He has a talent for grasping new concepts quickly and mastering technical detail.

With cybersecurity at the forefront of most IT leaders’ attention, it has never been more important to consider GDPR compliance when speaking to IT service providers.

I recently read a great piece over at CIO from last year featuring an interview with Mayer Brown legal partner, Rebecca Eisner.

Eisner talks about some of the challenges faced by customers of IT managed service providers, particularly larger organisations with a more complex staff and network structure.

She discusses that although data protection measures need to be included in IT service contracts, “Suppliers are understandably concerned about not paying damages that are disproportionate to the revenue received, and therefore seek to limit or disclaim their liability.”

Eisner goes on to say that, “Customers are equally concerned, particularly where suppliers do not have the same incentives to protect customer data as the customer, and because the negative impacts of a security incident are generally far more significant to the customer than to the supplier.”

This highlights the importance of establishing a clear set of guidelines with your providers so that everyone understands their responsibilities.

The Growing Complexity of Cybersecurity

The global infrastructure of data centres continues to grow and become more dispersed across the globe.

From your smartphone to the cloud and back again, there is a far greater margin for error and far more opportunities for your data to become compromised than ever before.

Eisner remarks, “The points of access and potential points of security failure multiply with this ever-expanding ecosystem. In addition, many of these systems are provided or managed by third party suppliers.”

Consider also the new European General Data Protection Regulation (GDPR) and its far-reaching implications.

Every access point that your data touches must fall in line with the regulation that will come into effect next year.

Everything from your contracts, to your day-to-day operations and the handling of customer data must be considered and kept up-to-date.

How to Mitigate Risk When Outsourcing IT

I recommend checking out the full article linked above; however, here is a summary of Rebecca Eisner’s recommendations for improving cybersecurity in your relationships with IT service providers:

Make sure every member of staff from your secretary to the directors is trained and educated on the importance and practicalities of data security and customer privacy, as well as methods of minimising risk.

Gain a clear understanding from your provider exactly who will be handling sensitive data; this includes client information and any data that is integral to the business’ finance, operations, and so on.

Query your provider’s own cybersecurity measures, including the policies they have in place for identifying potentially high-risk third-party relationships.

Review your existing service contracts to ensure they meet both your updated internal cybersecurity policies, and GDPR when it lands in 2018.

Periodic reviews should also be conducted by both your organisation and your providers to ensure policies are kept up-to-date.

A Little Due Diligence Goes a Long Way

This post is by no means comprehensive, and is intended mostly to get you thinking about your own approach to cybersecurity.

This is particularly important in the changing landscape of data protection regulation.

Make your IT managed service provider work for you by having them ensure the necessary measures are in place to secure your data in situ and in transit.

If you’re not sure how to approach a discussion about GDPR with your service providers, then call us today and we’ll be happy to help.